The tracing and ability to step through code, as well as the
supporting TPM demo utilities, help to understand how a TPM works.

The TPM defaults to minimal resources, although this is easily
changed. Since hardware TPM resources (e.g., key and session slots)
vary, this default helps detect an application that might not be
portable to TPMs from different vendors.

The typical Software TPM interface is TCP/IP sockets. The block
diagram shows that many host applications, such as the Trousers TSS , the IBM TPM
utilities and regression test, the TCG TPM test
suite, and the IBM DAA test suite all support this socket interface.

Some advantages are:

An application can connect to more than one TPM. For example, TPM
to TPM key migration is easily tested.

Using the TPM proxy, an application can transparently switch
between software and hardware TPMs

An application can connect to a remote hardware TPM, allowing
application debug on a platform that does not have a TPM, where the
platform hosting the TPM does not currently support the application,
or where the application developer is at a remote location.

The TPM can be halted and restarted, or the platform rebooted,
without stopping the application.

A proxy in the socket path can intercept and trace TPM commands
and responses.

The TPM Proxy acts on one side as a TCP/IP socket server and on the
other side as an interface to the TPM device driver. It passes
commands from the socket to the device driver and passes responses
from the device driver to the socket.

The proxies are useful in cases such as:

Connecting the libtpm Windows version (socket only) to a Windows
hardware TPM.

The host application supports TCP/IP sockets but is not ported to
the platform where the TPM is running. Porting the proxy is easier
than porting the application.

One application can connect to more than one TPM, with some
TPMs running on another platform.

The proxy, in verbose mode, will trace each TPM command and
response packet. This aids debugging, especially in cases where the
application itself does not trace. Both the Trousers TSS and libtpm
support the socket interface.

While libtpm and thus the utilities support both socket and device
driver interfaces, it is often more convenient to compile once for
sockets and use the proxy.